The Dynamic Signal platform offers Single Sign-On (SSO) integration with any SAML 2.0 compliant provider. Commonly-used SSO integrations include the following: Okta, Azure, Salesforce, ADFS, OneLogin, and PingFederate.
Dynamic Signal follows SP (Service Provider) initiated flow, where the Dynamic Signal platform is the service provider and the customer is the Identity Provider (IdP). You can complete your SSO setup in the Dynamic Signal Manager app from the Single Sign-On page.
The best practice is to implement SSO in a test community first. If you have a development SSO environment, you can use it in your Dynamic Signal test community. Once you confirm SSO works properly in your test community, you can set up SSO in your production community.
Review the following sections and tables below for more information on SSO before you start your setup:
- SSO Definitions
- Types of ID and Email Settings
- Creation of Accounts in Dynamic Signal Using SSO
- Changes to SAML Attributes
Once you have completed reviewing SSO setup information, see Set Up Dynamic Signal SSO to start your SSO setup.
Before You Begin
The email ID of the member or employee, which is used to register in the Dynamic Signal platform. For example: firstname.lastname@example.org
Types of ID and Email Settings
External SSO UserID, first name, last name
Note: The Email ID will not be visible in the platform or used as a validator if you choose this option.
Creation of Accounts in Dynamic Signal using SSO
- SSO users can be preregistered. This creates the account before the user logs on and allows Dynamic Signal to set categories, attributes, tags, etc. for the user.
- If SSO users are not preregistered, an account is created in Dynamic Signal after the first SSO logon via just-in-time provisioning. The only SAML attributes pulled into the platform are: First Name, Last Name, Email (if required/optional), and External SSO User ID (if used as unique identifier).
- If a platform logon user logs on using SSO (with the same email address), the logon method for that account is converted to SSO. Thereafter, the user won’t be able to use platform credentials to logon.
- Users must be given access to the Dynamic Signal application within the IdP settings. Without this, SSO users will not be able to login to Dynamic Signal.
Changes to SAML Attributes
If you decide to change the ID and Email Settings in your community, existing SSO users may not be able to sign in because the unique identifier within Dynamic Signal will change. Before making any changes to your SSO configuration, contact your Customer Success Manager to ensure that no issues will occur.